RU2019137439A - FORMATION OF THE KEY DEPENDING ON THE PARAMETER - Google Patents

FORMATION OF THE KEY DEPENDING ON THE PARAMETER

Publication number
RU2019137439A
Authority
RU
Russia
Prior art keywords
key
date
service
obtaining
message
Prior art date
Application number
RU2019137439A
Other languages
Russian (ru)
Other versions
RU2019137439A3 (en)
Inventor
Грегори Б. РОТ
Брэдли Джеффри БЕХМ
Эрик Д. КРАХЕН
Кристиан М. ИЛАК
Натан Р. ФИТЧ
Эрик Джейсон БРАНДУАЙН
Кевин Росс О'НЕЙЛЛ
Original Assignee
Амазон Текнолоджис, Инк.
Priority date
Filing date
Publication date
Priority claimed from US13/248,962 (US9178701B2)
Priority claimed from US13/248,953 (US9203613B2)
Priority claimed from US13/248,973 (US9197409B2)
Application filed by Амазон Текнолоджис, Инк.
Publication of RU2019137439A
Publication of RU2019137439A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/102 Entity profiles
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Claims (41)

1. A computer-implemented method, comprising:
    generating a signing key by performing at least one of the steps of:
    obtaining a key that is a shared secret between a client device and a service computer system;
    obtaining, based at least in part on the shared secret and information identifying a date to which use of the signing key is to be restricted, a date key whose use is restricted to said date;
    obtaining, based at least in part on the date key and information identifying a district to which use of the signing key is to be restricted, a district key whose use is restricted to both said date and said district;
    obtaining, based at least in part on the district key and information identifying a service to which use of the signing key is to be restricted, a service key whose use is restricted to said date, said district and said service;
    receiving, at the service computer system, a canonicalized message from the client device and a first digital signature;
    obtaining, at the service computer system, a second digital signature based at least in part on the canonicalized message and the signing key; and
    determining, at the service computer system, that the canonicalized message is authentic as a result of the first digital signature matching the second digital signature.

2. The computer-implemented method of claim 1, wherein the service key is the signing key.

3. The computer-implemented method of claim 1, wherein obtaining the date key, obtaining the district key and obtaining the service key are performed using a hash-based message authentication code function.

4. The computer-implemented method of claim 1, wherein the hash-based message authentication code function uses the Secure Hash Algorithm (SHA)-256 cryptographic hash function.

5. The computer-implemented method of claim 1, wherein the service is a plurality of services with corresponding identifiers that identify key restrictions for said services.

6. The computer-implemented method of claim 1, wherein the canonicalized message is an application programming interface request, and the method further comprises fulfilling the application programming interface request in accordance with the canonicalized message being authentic.

7. A non-transitory computer-readable storage medium storing executable instructions that, when executed by one or more processors of a first computer system, cause the first computer system to:
    generate a signing key by at least:
    obtaining a key that is a shared secret between the first computer system and a second computer system;
    obtaining, based at least in part on the shared secret and information identifying a date to which use of the signing key is to be restricted, a date key whose use is restricted to said date;
    obtaining, based at least in part on the date key and information identifying a district to which use of the signing key is to be restricted, a district key whose use is restricted to both said date and said district;
    obtaining, based at least in part on the district key and information identifying a service to which use of the signing key is to be restricted, a service key whose use is restricted to said date, said district and said service;
    canonicalizing a message to obtain a canonicalized message;
    obtaining a digital signature of the canonicalized message based at least in part on the canonicalized message and the signing key; and
    transmitting the canonicalized message and the digital signature to the second computer system.

8. The non-transitory computer-readable storage medium of claim 7, wherein the first computer system is a client computer system and the second computer system is a service server.

9. The non-transitory computer-readable storage medium of claim 7, wherein the message is an application programming interface request.

10. The non-transitory computer-readable storage medium of claim 7, wherein obtaining the date key, obtaining the district key and obtaining the service key are performed using a cryptographic hash function.

11. The non-transitory computer-readable storage medium of claim 7, wherein the information identifying the date, the information identifying the district and the information identifying the service are encoded as strings.

12. A system, comprising:
    one or more processors; and
    memory storing instructions that, when executed by the one or more processors, cause the system to:
    obtain a signing key by at least:
    obtaining a key that is a shared secret between said system and another system;
    using a cryptographic hash function, said key, information identifying a date to which use of the signing key is to be restricted, information identifying a district to which use of the signing key is to be restricted, and information identifying a service to which use of the signing key is to be restricted, to obtain the signing key;
    obtaining a canonicalized message;
    using the signing key to generate a digital signature of the canonicalized message.

13. The system of claim 12, wherein the canonicalized message is an application programming interface request.

14. The system of claim 12, wherein the cryptographic hash function is used in a hash-based message authentication code function.

15. The system of claim 12, wherein the instructions that cause the system to obtain the signing key are executed to cause the system to:
    obtain a date key based at least in part on the information identifying the date and said key;
    obtain a district key based at least in part on the date key and the information identifying the district; and
    obtain the signing key based at least in part on the district key and the information identifying the service.

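
The chained derivation and signature check recited in claims 1, 3, 4, 7 and 15, as an added Python example; it is not code from the patent or its assignee. Assumptions: HMAC-SHA256 at every step, parameters encoded as UTF-8 strings, a sorted compact JSON canonical form, and hypothetical function names, scope values and secret.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, the keyed hash assumed for every step (claims 3 and 4)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def derive(parent_key: bytes, *params: str) -> bytes:
    """Narrow a key by one scope parameter per step.

    Chaining (rather than concatenating the parameters into one input)
    means ("ab", "c") and ("a", "bc") can never yield the same key.
    """
    key = parent_key
    for param in params:
        if not param:
            raise ValueError("scope parameters must be non-empty strings")
        key = _mac(key, param.encode("utf-8"))
    return key


def derive_signing_key(shared_secret: bytes, date: str, district: str, service: str) -> bytes:
    """shared secret -> date key -> district key -> service key (claim 1)."""
    date_key = derive(shared_secret, date)
    district_key = derive(date_key, district)
    return derive(district_key, service)  # per claim 2, this is the signing key


def canonicalize(message: dict) -> bytes:
    """Assumed canonical form: sorted keys, no whitespace, ASCII-only JSON."""
    text = json.dumps(message, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
    return text.encode("ascii")


def sign(signing_key: bytes, canonical_message: bytes) -> bytes:
    """Signature over the canonicalized message (assumed to be an HMAC)."""
    return _mac(signing_key, canonical_message)


def verify(shared_secret: bytes, scope: tuple, canonical_message: bytes,
           first_signature: bytes) -> bool:
    """Service side: recompute the second signature for the scope the service
    itself enforces and compare it with the received one in constant time."""
    date, district, service = scope
    signing_key = derive_signing_key(shared_secret, date, district, service)
    second_signature = sign(signing_key, canonical_message)
    return hmac.compare_digest(first_signature, second_signature)


def demo() -> dict:
    """Run the exchange on constructed sample values and report each outcome."""
    secret = b"constructed-shared-secret"            # constructed sample value
    scope = ("20110929", "district-a", "storage")    # constructed sample scope
    request = canonicalize({"resource": "bucket/report.csv", "action": "GetObject"})
    signature = sign(derive_signing_key(secret, *scope), request)

    # A party holding only the district key can finish the chain for any
    # service in that district on that date, without ever seeing the secret.
    district_key = derive(secret, "20110929", "district-a")
    delegated = sign(derive(district_key, "storage"), request)

    tampered = canonicalize({"resource": "bucket/other.csv", "action": "GetObject"})
    return {
        "accepted": verify(secret, scope, request, signature),
        "delegated_matches": hmac.compare_digest(delegated, signature),
        "wrong_date": verify(secret, ("20110930", "district-a", "storage"), request, signature),
        "wrong_district": verify(secret, ("20110929", "district-b", "storage"), request, signature),
        "wrong_service": verify(secret, ("20110929", "district-a", "queue"), request, signature),
        "tampered_message": verify(secret, scope, tampered, signature),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A leaked service key exposes only one date, district and service; the shared secret and the other scopes stay protected because each HMAC step is one-way.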
RU2019137439A 2011-09-29 2019-11-21 FORMATION OF THE KEY DEPENDING ON THE PARAMETER RU2019137439A (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US13/248,953 2011-09-29
US13/248,962 2011-09-29
US13/248,962 US9178701B2 (en) 2011-09-29 2011-09-29 Parameter based key derivation
US13/248,973 2011-09-29
US13/248,953 US9203613B2 (en) 2011-09-29 2011-09-29 Techniques for client constructed sessions
US13/248,973 US9197409B2 (en) 2011-09-29 2011-09-29 Key derivation techniques

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
RU2018137062A Division RU2709162C1 (en) 2011-09-29 2018-10-22 Key formation depending on parameter

Publications (2)

Publication Number Publication Date
RU2019137439A (en) 2021-05-21
RU2019137439A3 (en) 2021-11-16

Family

ID=47996473

Family Applications (6)

Application Number Title Priority Date Filing Date
RU2016110793A RU2636105C1 (en) 2011-09-29 2012-09-28 Key formation depending on parameter
RU2014117153/08A RU2582540C2 (en) 2011-09-29 2012-09-28 Key generation depending on parameter
RU2017135822A RU2670778C9 (en) 2011-09-29 2017-10-09 Forming the key depending on the parameter
RU2017135821A RU2671052C1 (en) 2011-09-29 2017-10-09 Forming the key depending on the parameter
RU2018137062A RU2709162C1 (en) 2011-09-29 2018-10-22 Key formation depending on parameter
RU2019137439A RU2019137439A (en) 2011-09-29 2019-11-21 FORMATION OF THE KEY DEPENDING ON THE PARAMETER

Country Status (10)

Country Link
EP (3) EP3742300A1 (en)
JP (3) JP6082015B2 (en)
CN (2) CN103842984B (en)
AU (3) AU2012315674B9 (en)
BR (2) BR112014007665B1 (en)
CA (1) CA2847713C (en)
IN (1) IN2014DN03111A (en)
RU (6) RU2636105C1 (en)
SG (3) SG10201903265PA (en)
WO (1) WO2013049689A1 (en)

JP4823704B2 (en) * 2006-02-01 2011-11-24 Kddi株式会社 Authentication system, authentication information delegation method and security device in the same system
JP4766249B2 (en) * 2006-03-01 2011-09-07 日本電気株式会社 Token transfer method, token transfer system, and authority authentication permission server
US8312523B2 (en) * 2006-03-31 2012-11-13 Amazon Technologies, Inc. Enhanced security for electronic communications
US8112794B2 (en) * 2006-07-17 2012-02-07 Research In Motion Limited Management of multiple connections to a security token access device
JP2008172728A (en) * 2007-01-15 2008-07-24 Megachips System Solutions Inc Security system
CN103124405A (en) * 2007-01-26 2013-05-29 交互数字技术公司 Method and apparatus for securing location information and access control using the location information
JP4982215B2 (en) * 2007-03-14 2012-07-25 株式会社トヨタIt開発センター Encryption communication system, encryption communication method, encryption communication program, in-vehicle terminal, and server
US9106426B2 (en) * 2008-11-26 2015-08-11 Red Hat, Inc. Username based authentication and key generation
JP5446650B2 (en) * 2009-09-17 2014-03-19 沖電気工業株式会社 Communication data novelty confirmation system, transmitting terminal and receiving terminal

Also Published As

Publication number Publication date
EP2761487A1 (en) 2014-08-06
JP2019149833A (en) 2019-09-05
CN103842984B (en) 2017-05-17
CN107017984A (en) 2017-08-04
CA2847713A1 (en) 2013-04-04
WO2013049689A1 (en) 2013-04-04
JP6082015B2 (en) 2017-02-15
EP3493070B1 (en) 2020-07-29
CN107017984B (en) 2020-09-01
RU2636105C1 (en) 2017-11-20
AU2012315674B9 (en) 2018-08-30
RU2671052C1 (en) 2018-10-29
JP2014531855A (en) 2014-11-27
JP6527179B2 (en) 2019-06-05
JP2017069989A (en) 2017-04-06
EP3742300A1 (en) 2020-11-25
BR122015024906B1 (en) 2021-10-19
AU2020200584B2 (en) 2021-05-06
SG2014012264A (en) 2014-08-28
RU2019137439A3 (en) 2021-11-16
AU2020200584A1 (en) 2020-02-13
RU2670778C1 (en) 2018-10-25
BR112014007665A2 (en) 2017-04-18
BR122015024906A2 (en) 2019-08-27
SG10201903265PA (en) 2019-05-30
RU2582540C2 (en) 2016-04-27
AU2018202251B2 (en) 2019-10-31
AU2012315674B2 (en) 2018-04-19
CA2847713C (en) 2021-02-09
EP3493070A1 (en) 2019-06-05
EP2761487A4 (en) 2015-06-24
EP2761487B1 (en) 2018-11-07
RU2670778C9 (en) 2018-11-23
BR112014007665B1 (en) 2021-07-13
RU2709162C1 (en) 2019-12-16
AU2012315674A1 (en) 2014-03-20
AU2018202251A1 (en) 2018-04-26
IN2014DN03111A (en) 2015-05-15
RU2014117153A (en) 2015-11-10
JP6895478B2 (en) 2021-06-30
CN103842984A (en) 2014-06-04
SG10201608067QA (en) 2016-11-29

Similar Documents

Publication Publication Date Title
RU2019137439A (en) FORMATION OF THE KEY DEPENDING ON THE PARAMETER
US11323272B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN107342867B (en) Signature verification method and device
GB2573666A (en) Verifying authenticity of computer readable information using the blockchain
US11394556B2 (en) Blockchain-enabled computing
EA201790385A1 (en) METHOD OF DIGITAL SIGNATURE OF ELECTRONIC FILE AND METHOD OF AUTHENTICATION
CN107948143B (en) Identity-based privacy protection integrity detection method and system in cloud storage
MY189760A (en) Method, apparatus, and system for processing two-dimensional barcodes
WO2018215947A1 (en) Script-based blockchain interaction
JP2020509674A5 (en)
EP3399484B1 (en) Method and server for authenticating and verifying file
RU2012151502A (en) CONTENT REPUTATION SERVICE BASED ON DECLARATION
JP2017098806A5 (en)
TW201610742A (en) Encrypting and decrypting information
EP2782037A3 (en) Method and apparatus for performing authentication between applications
JP2017526195A5 (en)
RU2006118331A (en) METHODS AND APPARATUS FOR PROVIDING VERTICAL DATA OF APPLIED PROGRAMS
CN105007161B (en) A kind of fuzzy keyword public key search encryption method of trapdoor None-identified
JP2017531951A5 (en)
RU2013113592A (en) METHOD FOR PROTECTED REMOTE ACCESS TO INFORMATION RESOURCES
CN105515778A (en) Cloud storage data integrity service signature method
CN108985409B (en) Identity card information reading method and device and electronic equipment
CN111984959B (en) Anonymous information publishing and verifying method and device
JP2017517795A5 (en)
CN109756344B (en) Digital signature of document and verification method and device thereof